GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

19,568 advisories

Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3153 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
SimpleSAMLphp Incorrect IV generation for encryption Moderate
CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
SimpleSAMLphp Unauthenticated encryption in CBC mode Moderate
CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) May 17, 2022
Cross-site Scripting in Apache Atlas Moderate
CVE-2017-3155 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Apache Atlas produces Stack trace in error response High
CVE-2017-3154 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Scrapy denial of service vulnerability High
CVE-2017-14158 was published for scrapy (pip) May 17, 2022
OpenStack Swift metadata constraints are not correctly enforced Moderate
CVE-2014-7960 was published for swift (pip) May 17, 2022
Smarty arbitrary PHP code execution High
CVE-2014-8350 was published for smarty/smarty (Composer) May 17, 2022
Django User Enumeration Vulnerability Low
CVE-2016-2513 was published for django (pip) May 17, 2022
Django XSS Vulnerability High
CVE-2016-2512 was published for django (pip) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop Critical
CVE-2016-3086 was published for org.apache.hadoop:hadoop-yarn-server-nodemanager (Maven) May 17, 2022
Dolibarr SQL injection vulnerability in admin/menus/edit.php Critical
CVE-2017-14238 was published for dolibarr/dolibarr (Composer) May 17, 2022
Dolibarr SQL injection vulnerability in don/list.php Critical
CVE-2017-14242 was published for dolibarr/dolibarr (Composer) May 17, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2017-14241 was published for dolibarr/dolibarr (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Apache Tomcat HTTP BIO Connector Error Discloses Information From Different Requests to Remote Users Moderate
CVE-2011-1475 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Cross-Site Request Forgery in Apache Tomcat Moderate
CVE-2012-4431 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
python-keystoneclient unsecure user password update Low
CVE-2013-2013 was published for python-keystoneclient (pip) May 17, 2022
GeniXCMS denial of service (account blockage) Moderate
CVE-2017-14231 was published for genix/cms (Composer) May 17, 2022
Dolibarr cross-site scripting (XSS) vulnerability Moderate
CVE-2017-14239 was published for dolibarr/dolibarr (Composer) May 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API High
CVE-2015-3250 was published for org.apache.directory.api:api-ldap-model (Maven) May 17, 2022
Moodle XSS Vulnerability Moderate
CVE-2017-12156 was published for moodle/moodle (Composer) May 17, 2022
Jenkins HttpOnly flag not Set for session cookies Moderate
CVE-2014-9635 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API